explorations in BlackMatter machine code and ELF parsing

neftis · (This post was last modified: 09-06-2021, 09:31 PM by neftis.)

Outside of GreySec I've been starting to examine the recent BlackMatter ransomware, or at least attempting to do so.

I hope it isn't bad form to do this, but the posts are on my Medium profile here.

This is terra incognita for me, but I would happy to share additional insights or answer questions as well. Hopefully there is something of value there to those interested.

neftis

Vector · 09-07-2021, 07:37 AM

It's fine to point people to venues other than GS, as long as the OP contains more than: "Look over here". After all my public and private projects related to GS don't all live on the forum either. Bad form would just be advertising for the sake of driving traffic to your venue. Pointing us to something you have been working on in a format that is not a BBS and providing the appropriate context is perfectly fine.

When i have a moment i'll check out what you've been working on over at Medium.

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	RaaS forums and Markets	wandenreich	10	6,944	03-23-2022, 02:07 AM Last Post: Vector
	assembly and RE vs expanding into C2 creation / learning	neftis	4	7,820	03-18-2022, 08:28 AM Last Post: ubercage
	Malware Source-code Share	Insider	6	21,976	02-22-2022, 06:50 PM Last Post: itxfahdi
	Phishing and Spamming tool	blackhat292	1	8,905	07-16-2021, 05:20 PM Last Post: Vector